Imagine an anonymity set that doesn’t have a fixed deposit/withdrawal size. Instead the size is determined by the following algorithm:

Let

`n`

be the number ofunclaimednotes in the set and`x`

be the total amount of ETH that iscurrentlydeposited. If`n`

is 0, the deposit must be some fixed value. Otherwise the deposit must be exactly`x/n`

. Every withdrawal is only`f * x/n`

(where`f`

is a factor close to 1, like 0.995).

Over time each deposit gets worth more and more (because the fraction `x/n`

grows). It never reduces in value (except initially by the factor `f`

). This means that people are encouraged to deposit to the anonymity set and keep the deposit. The growth is paid by those, who withdraw their deposit before it reaches its original value. No third party is involved. Full anonymity is preserved.

A drawback is that from time to time a new anonymity set with lower deposit size must be created. Maybe a single contract could handle multiple anonymity sets and create them dynamically.

This is just a thought that I had about anonymity mining. What do you think of it?